tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James R. Marcus" <>
Subject snort detecting ICMP traffic, tomcat?
Date Tue, 11 May 2010 14:17:51 GMT
I run Snort in a PCI environment. I have just rebuilt Snort and I’m in the tuning stage.

I have Tomcat 6.0.18 in the PCI environment and it may be initiating ICMP traffic to external
IPs. Here is the alert:

[1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively
Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} ->

I have read the summary of the rule at and understand
that "no corrective action is necessary" but am curious about this traffic.

Could Tomcat be generating ICMP traffic to an IP accessing the server?

Is this some kind of keep alive?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message